Sunday, September 2, 2012

Easily Securing your Desktop and Web Passwords

Recently I updated how I store my passwords. If you're like me you have all kinds of passwords, for Amazon, PayPal, iTunes, Gmail, etc. I try to use a different password per website but it's hard to keep up with them. I was storing them (unencrypted - YIKES) in a list in Microsoft OneNote. The problem is that now my OneNote notebook is in the "cloud".  Meaning that my data is sent over the wire to Microsoft's servers.  That's great for me because it syncs to my work PC, home PC, iPhone, and iPad. But its bad because if ever one of these devices gets compromised… well I'm in for a bad day to say the least.  I'm also assuming that OneNote sends it's data via SSL so that anyone using Wireshark or another other packet sniffer can't see my data as it travels across the internet.

I was reading Kevin Mitnick's book, Ghost in the Wires, (awesome book!) and I realized that I'm pretty vulnerable.  I needed to do something about this.

Desktop Applications

I found an open-source software called PasswordSafe.  The software is great for storing all my passwords.  You can double click on any entry you've created and it copies it to your clipboard, without every needing to see it.  Then you just paste it into the password field.  Which is great if your friends are around - or anyone else for that matter.  

It took me about 10 minutes to populate the list of my most used passwords and I'll never have to worry about forgetting about them again.

It's free so give it a try @ http://passwordsafe.sourceforge.net/.

Web Browsing

The best security for web-browsing (IMHO) is to use Google's Chrome browser. When you sign in to Chrome and enable sync (which is off by default), Chrome keeps your information secure by using a passphrase to encrypt your synced data. By default, Chrome uses your Google Account password as the passphrase, but you can choose to use a custom encryption passphrase instead. This custom passphrase is stored on your computer and isn’t sent to Google.  

To enable encryption just click on the Wrench icon in the top right of Chrome and select Settings.  Then select Advanced sync settings...


You can tell Chrome to Sync everything and be sure to enable Encrypt all synced data.  


This will allow your passwords to be synchronized across multiple devices and browsers.  For example, if you use Chrome on your iPad,  your Android device and your PCs.

I've always heard that using Internet Explorer opens up the most risk for attack because it's used by so many more people.  But when I was looking at the statistics for browsers used I was surprised to see that Chrome is indeed taking the lead.  


The best protection against threats is yourself.  Don't open up those emails from people you don't know.  Make sure the URLs you type are correct.  Look to see if your bank or credit card website starts with https.  And, last but not least, don't store your passwords on your desk or in a file that's easily accessible.  

So Dear Reader, do you have any good suggestions for keeping your passwords secure?  Do you still write them down on a Post-It or keep them in a text (passwords.txt) file on your desktop? ;)


No comments:

Post a Comment